Setting the record straight (whatsapp.com)
30 points by ibsathish 1347 days ago | 41 comments

To support your public commitment to privacy: OTR or better for WhatsApp, and/or a third party client so we could do this, please.

I'll excuse the metadata issues for a while if you build the app in such a way that confidentiality is protected independent of your infrastructure, and if pushing a "bad" app to clients is detectable. It's still a pain if targeted malware is pushed to individual clients, as those clients are unlikely to detect it. There are some emerging ways to address that, but first things first.

You have literally billions of dollars; it would take at most millions to implement this. Making an app with 450 million users around the world somewhat more secure would be supremely meaningful, even if it's not perfect.

Facebook will use whatsapp for whatever purpose they see fit. A 19 billion acquisition is not a partnership. When that will happen deliberately, maybe a year from now, the founders will leave, maybe slamming the doors, and enjoy their riches for the years to come.

Does anyone know the founders' employment history before Whatsapp? Have any of them been a part of a buyout or merger before?

I empathize with Jan & I think he believes what he has written, but does he think Facebook bought them for no reason at all? If he wants us to take him seriously he should explain how Whatsapp intends to make money for Facebook. Even implementing OTR won't totally protect users' privacy, so long as a megacorp is capable of performing traffic analysis.

No, they previously worked for Yahoo.

Agreed. This is just empty PR.

If the guy was that concerned about privacy he wouldn't sell to the company with one of the worst reputations for privacy.

He made the choice and that's fine, but this communication is effectively meaningless. Actions speak louder than words.

Yeah, this is probably the most naive thing I've read in a while. Give it a year or two and this service will be integrated, absorbed, or shut down. I can't wait to see the gnashing of teeth over the inevitable TOS change.

He sits on the board. This is not an acquihire.

  Respect for your privacy is coded into our DNA, and we built WhatsApp
  around the goal of knowing as little about you as possible: You don’t
  have to give us your name and we don’t ask for your email address. We
  don’t know your birthday. We don’t know your home address. We don’t
  know where you work. We don’t know your likes, what you search for on
  the internet or collect your GPS location. None of that data has ever
  been collected and stored by WhatsApp, and we really have no plans to
  change that.

I don't recall them ever being accused of tracking all this information. The problem is the metadata; they know who you are talking to and for Facebook this is exactly the kind of information that they want. They want to enhance their social graphs and have a better view of who interacts with who. This is auspiciously lacking in their statement.

Sometimes it is more important what a post like this doesn't say.

"You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that."

Great: they don't take my PII - but a person can easily be de-anonymized with just meta-data.

In addition, nowhere does it say "we won't read your messages" or "we won't sell your conversations". I think they are interested in much more than just meta-data. If I were Facebook, I would be licking my chops at the prospect of access to the mountain of saved private conversations.

This jumped out at me as well.

In his list, they don't-not collect A. my phone number, and B. my entire message history. Certainly he knows that our phone number is PII enough.

It's trivial for someone with the means to tie a cell number back to a person, and only slightly less trivial to look at timestamps and cross-reference tower locations and messages to have a quality bit of intel.

If he was truly about this "we're not the Stasi" bit, I'd imagine we'd see some measure of assurance they don't store messages.

But, then again I don't know that the service would have been worth 19B USD without those.

And your phone number is PII that Facebook asks you to register with them!

So...yea, not exactly anonymous.

I don't know that Facebook requires a phone number, but yes definitely anyone that has given it out has given them that direct link.

Facebook started asking for your phone number a few years ago. It's required for all new signups and existing users are asked to provide one (to continue) as well, afaik. And then there's the Facebook app on mobile phones that reads everyone's phone number out of their address book.

I think the key part is

  scaring people into thinking we’re suddenly collecting all kinds of new data

I don't suppose many people outside of the Tinfoil Helmet Brigade doubt this right now, but what of the future? When the piper (fb) comes piping (and that could be a year or three away) what tune will they dance to?

If partnering with Facebook meant that we had to change our values, we wouldn’t have done it.

With no disrespect intended towards the whatsapp team, given the terms of the deal, it's a bit hard for them to say "If partnering with Facebook meant X we wouldn't have done it" unless X is "life would not have been as staggeringly beneficial to us".

Given the terms of the deal, I think Mr. Zuckerberg "Made an offer he [they] can't refuse".

The whatsApp team is disrespecting their users and their users' intelligence. To continue misleading/outright lying to their users is horrific in my opinion.

Wow. Not the response I expected. I'm not sure if the naivety is authentic or we should feel punked. They didn't partner with anyone. They were bought. Not changing will be allowed as long as it benefits the buyer.

    ...said every acquisition ever

> You don’t have to give us your name

Ok, is that another way of saying they know it already since it was in another user's contacts that got synced to their server?

provided you have whatsapp and facebook on your phone the following happens though.

1. they both know your mobile phone book.

2. they both know your imei

3. they both know your phone number (this doesn't have to be the same by the time you sign up for the other)

just no.1 is already enough to get an accurate estimate on who the person is. notice how they never said that they didn't log that information?

it's also very unlikely that they don't have access logs to their service, which usually includes ip's i.e. location, but for all we know they could be encoding carrier information in a couple of bytes during the transmission of the contact list.

edit: while the mobile ip's don't give you exact information, they still give you enough heuristics to overlap them with other services

> it's also very unlikely that they don't have access logs to their service, which usually includes ip's i.e. location.

In mobile data world, the norm is MASSIVE NAT. Thousands of users per IP (you can IIRC make 65535 distinct connections over a single NATd IP). Also, the connections are usually terminated in one (or fairly few) data centres, so the IP only tells you the country and the provider, nothing more.

Not only that but a few days ago they updated the Android app which can now retrieve your running apps. This means that, given enough time, they know all the apps you have installed. They also force you to update to the new version. Failing to do so means you can no longer use the app.

They turned evil and that's why me and my friends started using Telegram.

They don't care about privacy, they care about money, let's cut the BS.

If I had known for even a second that the reason whatsapp took so long to start up on my phone, was it uploading MY ENTIRE PHONEBOOK to their servers, I would never use it. The damage has been done, but I never will use it.

I don't understand how the whatsapp CEO can come out with a statement like this while presiding over a program that behaves like this.

This may sound naive, but I genuinely believe that Whatsapp cares about user privacy and that they won't silently mine our data and send it to Facebook. That would amount to sheer hypocrisy, and could also come under legal scrutiny. I also think that Zuckerberg, at some level, really does want to connect the world and all that, and Whatsapp is a much better bet than Facebook is, for developing countries. That being said, Whatsapp does need to improve their security, and irrespective of the facts, this is proving to be a bit of a PR disaster for them, with a mass exodus of users to Telegram. (They'd do well to nick some features from Telegram).

Right, whatsapp doesn't collect private information. You just can't use it unless you hand over all of your contacts!

I forgot about this... they have one of the best network graphs of the world.

In fact, doesn't Whatsapp have more users than Facebook? That might be worth more than the message archives.

Discussion from half a day ago:


    "Respect for your privacy is coded into our DNA"

This post is complete nonsense, and has no value at all because their words don't match their actions. A company that respects privacy wouldn't partner up with another company best known for infringement of privacy.

Suit the word to the action.

He who pays the piper calls the tune. It really doesn't matter what Jan wants, Zuckerberg is the decider.

"None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that." ... but I'm not promising we won't!

So there is an exodus. Interesting.

Why partner with Facebook then? They act as if they did not expect this kind of reaction from the public.

Facebook felt that remaining the apex predator in the social space was worth $19b. The Whatsapp founders, like anyone else, couldn't say no to $19b.

They had 19 billion reasons to partner with Facebook

I have been meaning to ask this.

What encryption does Whatsapp use? Their FAQ doesn't say.

It also doesn't say if it is end-to-end (client-to-client) encryption or if the data is stored in plain on their servers? (I understand it is not stored permanently.)

If what he's saying here is true, then Facebook would have had no reason to spend all that money acquiring Whatsapp.

OK, so if all this is true, what did the world's premier data broker actually pay $19 billion for?

Open letters mean nothing. TOS or it didn't happen.

How dare you spout such obvious tripe?! You have no say anymore, STFU and stop misleading people!

IIRC he ended up on the Facebook board, so he has a certain say on Whatsapp stuff.
